Before we declare Docker the champion of the container wars, CoreOS begs to differ. If CoreOS were doing this alone, it might not matter much. But CoreOS has some big friends, Red Hat, Google, VMware and Apcera, that will make its efforts count.
At CoreOS Fest, the community event for distributed systems and application containers in San Francisco, Red Hat, Google, VMware and Apcera announced support for the App Container spec (appc). Appc is a community-developed specification that defines an image format, runtime environment and discovery mechanism for application containers.
CoreOS started appc as a response to Docker's move from being an open standard container specification to becoming a complex set of tools "compiled into one monolithic binary running primarily as root on your server." Alex Polvi, CoreOS' CEO, believes "From a security and composability perspective, the Docker process model -- where everything runs through a central daemon -- is fundamentally flawed." Appc is meant to be a return to Docker's original container manifesto.
Rocket (rkt), CoreOS's container format, is based on appc. CoreOS doesn't control appc though.
In order to ensure the specification remains a community-led effort, the appc project has established a governance policy and elected several new community maintainers: Twitter's Charles Aylward, Red Hat's Vincent Batts, and Google's Tim Hockin. These companies are coming together to ensure there is an industry standard for application containers, providing guidelines to ensure security, openness, and modularity between stacks.
In a statement, Polvi said, "In just months after the launch of appc, we have seen the adoption and support behind a common application container standard grow quickly. We welcome these new companies into the community and invite others to join the movement to bring forward a secure and portable container standard."
Red Hat senior software engineer, Vincent Batts, added, "We see a joint responsibility for leaders in container technology to avoid past mistakes and drive toward a common standard, assuring freedom to innovate and consistent expectations." Was that a dig at Docker? It sounds like it may be, even though Red Hat has partnered with Docker and Red Hat has incorporated Docker into Red Hat Enterprise Linux 7 Atomic Host (RHELAH).
Docker or appc, Batts continued, "From our perspective as a long-term contributor to FOSS, Linux and container technology, containerization is the future of the Linux OS and standard software distribution."
Google's Craig McLuckie, product manager and Kubernetes co-founder, announced that:
"The first implementation of the appc specification into Kubernetes, through the support of CoreOS rkt, is an important milestone for the Kubernetes project. Designed with cluster first management in mind, appc support enables developers to use their preferred container image through the same Google infrastructure inspired orchestration framework."
This means that with rkt being integrated directly into Kubernetes, users will have the ability to run ACIs, the App Container image format, and take advantage of rkt's Kubernetes pod support. In addition, rkt's native support for running Docker images means users can continue to use their Docker images.
Apcera also announced its own appc implementation: Kurma. This is an execution environment for running applications in containers. Kurma provides a framework that allows containers to be managed and orchestrated. Besides Kurma and rkt, other appc implementations include Jetpack, a FreeBSD AppContainer runtime, and libappc, a C++ library for working with containerized applications.
VMware's Kit Colbert, vice president and CTO of Cloud-Native Apps, added his two cents in a statement, "VMware supports appc today offering rkt to our customers as a container runtime engine." VMware also recently threw its hat in the Linux container ring with Lightwave and Photon. Colbert said, "We will work with the appc community to address portability and security across platforms, topics that are top of mind for enterprises seeking to support application containers in their IT environments."
Besides the appc news, CoreOS also announced that its Quay hosted private container registry has updated its build system, improved its caching, and now supports Atlassian Bitbucket and GitLab. Quay is designed to give companies more control of their containers while avoiding the security problem of having resources outside the corporate firewall.
Quay, which works with Docker, rkt and other appc images, enables companies to run container-based systems behind a firewall for improved security. CoreOS claims this enables "companies to maintain security and take advantage of container-based systems. With a simple but powerful UI, DevOps and developers spend less time managing the containers and more time creating and using them."